//package com.spring.security.core.aop;
//
//import java.lang.reflect.Method;
//
//import javax.servlet.http.HttpServletRequest;
//
//import org.aspectj.lang.ProceedingJoinPoint;
//import org.aspectj.lang.annotation.Around;
//import org.aspectj.lang.annotation.Aspect;
//import org.aspectj.lang.reflect.MethodSignature;
//import org.springframework.web.context.request.RequestAttributes;
//import org.springframework.web.context.request.RequestContextHolder;
//import org.springframework.web.context.request.ServletRequestAttributes;
//import org.springframework.web.servlet.ModelAndView;
//
//import com.spera.shopoa.util.ShopOaSessionUtil;
//import com.spring.security.core.annotation.OaUserPermission;
//
//@Aspect
//public class OaControllerFilter {
//
//	@Around("execution(* com.spring.oaassist.web.controller.OaAssistController(..))")
//	public ModelAndView auth(ProceedingJoinPoint joinPoint) {
//		MethodSignature ms = (MethodSignature) joinPoint.getSignature();
//		Method method = ms.getMethod();
//
//		RequestAttributes ra = RequestContextHolder.getRequestAttributes();
//		ServletRequestAttributes sra = (ServletRequestAttributes) ra;
//		HttpServletRequest request = sra.getRequest();
//		boolean ret = ShopOaSessionUtil.checkOaPriv(
//				request,
//				ShopOaSessionUtil.APPPATH
//						+ method.getAnnotation(OaUserPermission.class).value());
//
//		if (ret) {
//			try {
//				return (ModelAndView) joinPoint.proceed();
//			} catch (Throwable e) {
//				ModelAndView mav = new ModelAndView("404");
//				mav.getModel().put("error", e.getMessage());
//				return mav;
//			}
//		} else {
//			ModelAndView mav = new ModelAndView("401");
//			mav.getModel().put("error", "unauthorised");
//			return mav;
//		}
//	}
//}
